package leap.web.security.csrf;

import java.util.Map;
import leap.core.annotation.Inject;
import leap.core.web.RequestBase;
import leap.htpl.HtplConstants;
import leap.htpl.HtplContext;
import leap.htpl.HtplDocument;
import leap.htpl.HtplEngine;
import leap.htpl.ast.Element;
import leap.htpl.ast.If;
import leap.htpl.ast.IfCondition;
import leap.htpl.interceptor.ElementProcessInterceptor;
import leap.lang.expression.AbstractExpression;
import leap.web.security.SecurityConfig;
import leap.web.security.SecurityConstants;

/* loaded from: input_file:leap/web/security/csrf/CsrfFormInterceptor.class */
public class CsrfFormInterceptor extends ElementProcessInterceptor {

    @Inject
    protected SecurityConfig config;

    @Override // leap.htpl.interceptor.ElementProcessInterceptor
    protected void preProcessElement(HtplEngine htplEngine, HtplDocument htplDocument, Element element) throws Throwable {
        String csrfParameterName = this.config.getCsrfParameterName();
        if (element.getLocalName().equalsIgnoreCase("form") && null == element.findElement(element2 -> {
            return element2.getLocalName().equalsIgnoreCase(HtplConstants.INPUT_ELEMENT) && csrfParameterName.equals(element2.getAttributeValue("name"));
        })) {
            IfCondition ifCondition = new IfCondition(SecurityConstants.DEFAULT_CSRF_PARAMETER, new AbstractExpression() { // from class: leap.web.security.csrf.CsrfFormInterceptor.1
                @Override // leap.lang.expression.AbstractExpression
                protected Object eval(Object obj, Map<String, Object> map) {
                    HtplContext htplContext;
                    RequestBase request;
                    if (!CsrfFormInterceptor.this.config.isCsrfEnabled() || null == (request = (htplContext = (HtplContext) obj).getRequest())) {
                        return false;
                    }
                    CsrfToken generatedToken = CSRF.getGeneratedToken(request);
                    if (null != generatedToken) {
                        htplContext.setLocalVariable("csrf_token_string", generatedToken.getToken());
                    }
                    return true;
                }
            });
            Element element3 = new Element(null, HtplConstants.INPUT_ELEMENT);
            element3.setAttribute("name", csrfParameterName);
            element3.setAttribute("type", "hidden");
            element3.setAttribute("value", "${csrf_token_string}");
            element3.setSelfClosing(true);
            ifCondition.addChildNode(element3);
            element.childNodes().add(0, new If(ifCondition));
        }
    }
}
